Overview

overview

10

Static

static

10

JaffaCakes...a0.exe

windows7-x64

10

JaffaCakes...a0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_0323ba30a52206c1b2c2d12a86e788a0

  • Size

    91KB

  • Sample

    241231-eagrkswkbz

  • MD5

    0323ba30a52206c1b2c2d12a86e788a0

  • SHA1

    ce0dbbab897e73556e41f2caf1d5a648f17ba8ef

  • SHA256

    4496aefdf9a281f786b11b715adccde60f1fdb4051b633e38381f5ccbb70b54c

  • SHA512

    3a45873ccea5bf8d6e2ef899d10ae5e11f3110f13e96789016a9ba14bdaae8c482d105da11d1ef7e3512e0aea1de9bd3fecba27855c3a48d31d2ff24f3b2b0f6

  • SSDEEP

    1536:9V4Gua+3Sb4qTB52tOU0MlV3nm6AKDW1G5yOAc4tTvBkzbW/R:v/9eQogUlVXLAK3yOAaW/R

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://taxfreeincomenow.org/ponyf/gate.php

http://tmgfinancial.org/ponyf/gate.php

http://tmginsurance.org/ponyf/gate.php

http://supportquilting.com/ponyf/gate.php
Attributes
  • payload_url

    http://www.butlerandconcierge.com/DW4s6.exe

    http://208.2.139.48/sGozBy.exe

    http://ftp.navaglia.it/yvWQaSzC.exe

Targets

    • Target

      JaffaCakes118_0323ba30a52206c1b2c2d12a86e788a0

    • Size

      91KB

    • MD5

      0323ba30a52206c1b2c2d12a86e788a0

    • SHA1

      ce0dbbab897e73556e41f2caf1d5a648f17ba8ef

    • SHA256

      4496aefdf9a281f786b11b715adccde60f1fdb4051b633e38381f5ccbb70b54c

    • SHA512

      3a45873ccea5bf8d6e2ef899d10ae5e11f3110f13e96789016a9ba14bdaae8c482d105da11d1ef7e3512e0aea1de9bd3fecba27855c3a48d31d2ff24f3b2b0f6

    • SSDEEP

      1536:9V4Gua+3Sb4qTB52tOU0MlV3nm6AKDW1G5yOAc4tTvBkzbW/R:v/9eQogUlVXLAK3yOAaW/R

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks